Cliff Stearns v. Facebook

U.S. Rep. Cliff Stearns has asked Facebook CEO Mark Zuckerberg to spell out company privacy policies in the wake of a settlement late last month with the Federal Trade Commission.

By Bill ThompsonStaff writer

It will be interesting to see how many people on Facebook like this.U.S. Rep. Cliff Stearns has asked Facebook CEO Mark Zuckerberg to spell out company privacy policies in the wake of a settlement late last month with the Federal Trade Commission.

Stearns said in an email on Friday that the impetus for his letter to the founder of the California-based social media giant was the case of Max Schrems, an Austrian who had asked Facebook for a copy of his data, which had to be provided under laws of the European Union.Stearns said Schrems had received more than 1,200 pages of data that included messages and other information he had deleted during his three years as a Facebook member."Facebook and other businesses have a great deal of information on their users and nonusers and I want to look into how they can protect their privacy," Stearns said.Stearns said he and other lawmakers who joined his request to the company were curious about Facebook's "Timeline" feature, which summarizes a user's past posts and highlights photos and status updates that reap the most "likes" or comments."This has the effect of bringing very old information to the front of a person's page," Stearns added. "Facebook will opt all of its users into Timeline and give the users only seven days to emphasize or hide aspects of their profile before publishing."Stearns said lawmakers want to hear from the company before deciding what to do next. But that could mean a congressional hearing.A Facebook spokesman said the company will cooperate.Regulators accused Facebook of deceptive practices by pledging to safeguard certain information submitted by its 800 million users but allowed that to become public.For example, according to an FTC report, Facebook in December 2009, without warning to or approval from its users, updated its website so that information users had designated as private — like their Friends List — was made public.In another instance, the FTC alleged that Facebook had indicated to its clients that advertisers would not have access to their information, but still provided it.The company also asserted that users' photos and videos would be inaccessible once they deactivated or deleted their accounts, but, according to the FTC, such content was available even after those accounts were closed.And Facebook said that it abided by international agreements between the United States and the European Union regarding data transfer — when, regulators maintained, it did not in fact comply.Stearns, chairman of the House Energy and Commerce Committee's investigative subcommittee, acknowledged in a three-page letter sent Thursday that Facebook had rectified many of the issues raised by the FTC in response to its users' complaints.Nonetheless, the Ocala Republican added, "Both the practices and user information collected by those practices give rise to questions."Among other practices, Stearns has asked the company to explain how its browsers and trackers collect information, what information is collected for users and non-users alike and whether users are informed of that process and can opt out of it. Stearns also asked about how Facebook handles a deceased user's account.Stearns suggested in the letter that one problem might be Facebook's willingness to explain its privacy policy.Stearns notes that the policy has more words than the U.S. Constitution, excluding the amendments. While lawmakers appreciate a nod to transparency, Stearns wrote, Facebook executives should explain whether its users read and understand such an involved statement.In a blog post made the day of his company's settlement with the government, Zuckerberg wrote, "I think we have a good history of providing transparency and control over who can see your information. That said, I'm the first to admit that we've made a bunch of mistakes."Zuckerberg added that those errors were a product of the company's growth and push to improve its services — and that some of those practices that drew the attention of the FTC had been discarded long ago. He also noted that Facebook is constantly working to secure the site and the information it receives.But to beef up security he announced that day the creation of two executive posts devoted to protecting user privacy.As part of its settlement with the government, Facebook cannot make "misrepresentations" about the security of personal information, must get users' approval before changing how data is shared, is required to block access to deleted accounts 30 days after the account is closed and must submit to audits of its privacy practices by independent, outside regulators for the next 20 years.Stearns introduced two online privacy bills earlier this year.One is designed to prevent identity theft, while the other mandates that businesses and nonprofit groups operating online notify consumers that their personal information could be used for a purpose unrelated to the transaction with the company.Contact Bill Thompson at 867-4117 or bill.thompson@starbanner.com.